(57) Abstract

The invention relates to a method and system for authenticating a program code. In the method, a first check sum is computed at the program code, the computed check sum is compared with a second check sum known to be valid and, in response to the aforementioned comparison, the program code is proved to be authentic in case the first check sum matches with the second check sum. Further, a predetermined challenge is added to the program code, after which the aforementioned first check sum is computed at the combination of the program code and the challenge. In this way, the software used in applications demanding high security may be certified dependably and variably. In that case, the users of software may count on the authenticity of the data processed, e.g. on the display of a mobile phone or a keyboard, throughout the whole process.

Method and device for authenticating a program code.

SCOPE OF THE TECHNIQUE 

The invention relates to communication systems. One specific objective of the invention is a method and system for testing the reliability of software.

The objective of the invention is a method for authenticating a program or program code stored on a storage device in which method a first check sum is computed at the program code, the check sum is compared with a second check sum known as valid and in response to the aforementioned comparison the program code is proved to be authentic in case the first check sum matches with the second check sum.

BACKGROUND OF THE INVENTION 

Mobile networks, i.e. GSM networks (GSM, Global System for Mobile communications) have recently become very popular. The additional services connected with the mobile networks have correspondingly increased at an accelerated tempo. The application fields are most versatile. The mobile telephone may be used as a means of payment for, e.g. petty purchases, such as soft drinks and car wash automates. Everyday activities, such as payment transactions, bank services etc., have been added, and will be added also in the future, to the functionality of present mobile phones. The mobile stations of the next generation will be more advanced in respect of the service level and data transfer capacity compared with the previous ones.

With the aid of digital signing, which is regarded as a general requirement in electronic payment, it is possible to make sure of the coherency of the information to be sent and identify the source address. The digital signature is derived by encrypting the check sum computed at the information to be sent with a sender's private key. As nobody, except the sender, knows the private key, the recipient may, when decoding the encryption with the sender's public key, make sure that the information is unmodified and generated by using the private key only known to the sender. An example of an algorithm used in digital signing is an RSA ciphering algorithm, which is an encryption system of both the public key and the private key and which is also used for encrypting messages.

In the public key infrastructure the user keeps the private key only to himself/herself, but the public key is available to all entities. It is not enough that the public key is stored as such, e.g. in an electronic mail directory, because somebody might forge it and appear as an authentic holder of the key. Instead, certification and certificates are needed, which serve as a proof, given by the trusted party (certification authority), of the fact that the name, identification number and public key belong to the same person. The certificate is usually a combination consisting of a public key, name and identification number, etc., which the certification authority signs with his/her private key.

When the recipient of a digitally signed message wishes to make sure of the authenticity of the message, at first he/she has to obtain the digital certificate, which gives him/her the public key and the name. After that he/she has to authenticate the certificate. To be able to perform this he/she may have to obtain some more additional certificates (a certification chain) which have been used to authenticate the certificate in question.

In case the certificate is authentic, the recipient authenticates the message by using the public key received along with the certificate. If the signature passes the test, the sender is the person identified by the certificate. In certification, a special block list is used in which the certificates taken out of use are entered. Directory services are needed for both the certificates and the block list.

Mobile phones have been implemented by using at least partly embedded systems and software. In this case, the modifying of the original software and functions is possible, at least partly. With a modified software the content of electronic payment messages may be changed with intent to defraud by changing the account numbers, sums liable to payment, digital signatures etc. and at the same time provide the user with the correct information about the transactions.

At the present time it is impossible for the user to check if the mobile phone he is using is provided with the original software made by the manufacturer or some kind of modified version. In case the mobile phone is used for bank services, as a means of payment etc., the user has to be able to check that the device is provided with the valid, original software version.

The most important thing for the user is to be able to check the reliability of the display and keyboard, the security, the originality of the parts associated with the security, such as storage of the subscriber identification data, the passwords and key codes as well as the security and reliability of the communication channels used by the device. In addition, the user has to be able to check the software randomly, at an unpredictable moment, so that the software is not beforehand prepared to be checked.

In principle, a software may be checked by using a so called direct checking in which case two independent check sums, effective enough, are computed on the mobile phone software, e.g. using a hash function SHA-1, MD5 or an equivalent and effective hash function. The first check sum is computed on the mobile phone and the second check sum is computed by the supplier of the original software. The first and the second check sum are compared with each other and in case they match, the software of the telephone is original. However, the problem associated with this solution is the fact that a modified or forged software may ignore the programmatic computation coded in the program and print only the original check sum as if it were the first check sum, when so requested by the user.

THE OBJECTIVE OF THE INVENTION 

The objective of the invention is to eliminate or at least reduce the drawbacks referred to above. One specific objective of the present invention is to disclose a method and system for reliable checking of the authenticity and validity of software in a mobile station, though the invention may be used for testing of any kinds of software.

A further objective of the invention is to disclose a reliable and variable method by using which different service providers and users of the services may make sure of the authenticity of the devices and programs used by them.

As for the features characteristic of the invention, reference to them is made in the claims.

SUMMARY OF THE INVENTION

The main principle of the method of the invention is to use for checking so called direct checking. In this procedure the manufacturer of the original software announces a variable challenge or set of challenges and a response or check sum corresponding to each of the challenges. The challenge is chosen from a group, which consists of a character string, program function and input. When the user at a random moment wishes to check the authenticity of the software he/she is using, he/she stores or inputs the challenge into the device, e.g. mobile phone, which is using the software. The challenge is stored in the same memory as the software after which the device computes the check sum, i.e. the response, at the memory space by using a check algorithm. The device gives this response to the user, who compares it with the response corresponding to the given challenge, and in case the responses match, the user knows that the software is authentic and original. By using this kind of procedure, it is possible to compare with each other two programs with the same origin. When using a software known as secure and randomly chosen challenges, the responses given by a safe software may be compared with the responses given by the software to be checked.

The user may retrieve the challenge and the check sum corresponding to it from the database, which is maintained on a safe network server available to the user, or in any type of media the user has access to. In the same database may also be maintained the valid program codes into which the user may input the same challenge as into his/her own device and thereby compare the check sum given by his/her own device with the one given by the valid program code.

In the method of the invention, a first check sum is computed at the program code, the check sum is compared with a second check sum known as valid and in response to the aforementioned comparison the program code is proved to be authentic, in case the first check sum matches with the second check sum.

According to the invention, a challenge is added to the program code, and only after this the aforementioned first check sum is computed at the combination of the program code and the challenge. In this application, the challenge is an input, a certain character string or corresponding data added to the program code by using which the computation is bound to give a certain outcome. In one application of the invention, the program code and the challenge are stored in the memory space and the check sum is computed at the whole memory space, wherein the aforementioned program code and challenge are stored. The challenge to be added may be modified by using an appropriate algorithm, which produces a challenge of standard format to be added to the program code no matter how the character string is. In this case, the addition of the challenge in the program code may be standardised, which makes the authentication easier to be implemented. For example the algorithm SHA-1 always produces a 160 bit long challenge regardless of the challenge length, which challenge as being of standard length may be added to the program code. However, the hashing of the original challenge before adding it to the program code does not affect the reliability or function of the challenge and check sum pair, provided that the challenge is hashed by using an algorithm known to everyone, which always produces the same hash from the original challenge.

A memory area, the size of a challenge, in the software or program code to be checked, may be substituted with a challenge; the challenge may be added to the memory area or alternatively, the memory area may be left blank in which case the challenge is in fact an empty character string. In addition, adding the challenge may mean removing a certain program code part before computing the check sum. In all of these cases, the check sum computed at the memory space is unique and unpredictable and depending solely on the combination of the program code and the challenge.

In one application of the present invention, the challenge and the check sum corresponding to it are chosen from a group of random challenges, which comprises challenges and check sums corresponding to them. New pairs of challenge and check sum may be constantly generated, which makes the deceiving even more difficult. Moreover, by choosing the challenges and the check sums corresponding to them in such a way that the freed memory cannot be used for storing the check list, the reliability is improved at the same time. Moreover, it is important that the storage device is not connected to the external database, terminal device or any other device, where it could retrieve or request the check sum corresponding to the challenge. It is important that the necessary computing routines are carried out solely by the local software.

In another application of the invention, an authenticated program code may be used for the authentication of other program codes included in the same software or system in such a way that the check sum of the authenticated program code is compared with the one given by other program codes over the same challenge. This concerns, e.g. the use of an authenticated program code of a first user for the authentication of the program code of a second user. In one application, the mobile phone of the first user might transmit a message to the mobile phone of the second user. The message would inform the challenge, which the user of the second mobile station could use for testing of his/her software. The same solution may be used for automatic testing in such a way that network transmits, e.g. during the initialisation of the call, a challenge to the telephone to which the telephone responds by transmitting the computed check sum. If the check sum is not valid, the network makes the necessary conclusions and informs the user as well as other necessary parties about the matter.

An advantage of the invention compared with the prior art is the fact that due to the invention embedded systems or software known as reliable may be implemented the reliability of which may be checked after certain periods of time.

A further advantage of the invention in comparison with the prior art is the fact that the computing of the check sum does not need to be an external function, instead it may be integrated in the software to be checked. Moreover, the solution of the invention makes it unnecessary to use the method of both the public key and the private key.

Moreover, random access memory is needed less, because the program code does not need to be decoded or modified in the device. Moreover, due to the dynamics of the challenge and the check sum corresponding to it, the check sum corresponding to the challenge may not be known beforehand. In this case, the generation of the challenges may be done completely randomly.

DRAWINGS

In the following section, the invention is described by referring to the attached drawings in which

Fig. 1 schematically represents a device of the invention,

Fig. 2 represents the function as described in the invention by using a block diagram and

Fig. 3 represents one example of computing the check sum as described in the invention.

DESCRIPTION OF THE INVENTION IN DETAIL

The device of fig. 1 comprises memory 1, processor 2, receiving block 3, display 4 and input device 5. The memory is divided into a static part A and dynamic part B. The size of the dynamic part B is chosen in such a way that the check sum corresponding to the challenge does not fit to be stored in it, in order to reduce deceiving. Memory 1, receiving block 3, display 4 and input device 5 are connected to processor 2. One example of a device represented in figure 1 could be a mobile station, which comprises a central processing unit along with the processors 1 and memories 2, the receiving block 3, display 4 and the keyboard. Substantial in respect of the invention in question is not the device itself by using which the invention is realised, instead varied devices used in electronic transactions may be possible.

WO 00/70427 PCT/FI00/00448

In addition, the device as represented in figure 1 comprises means 12 for computing the check sum at the program code, means 6 for adding the predetermined challenge to the program code and means 7 for computing the aforementioned first check sum at the combination of the program code and the challenge. In one application, the means 7 and 12 may be implemented, e.g. using a certified program code in which case they are saved in the memory.

Moreover, the device as represented in figure 1 comprises means 8 for storing the program and challenge in the memory space and means 9 for computing the check sum at the whole static memory space, wherein the aforementioned program code and challenge are stored. Moreover, the device comprises equipment 10 for receiving the challenge on the storage device via keyboard 5.

Fig. 2 represents the function of the invention in block diagram. The generator 26 of both the challenge and the check sum is an outside certification authority, another than the user 27, e.g. the manufacturer of the program or a trusted third party, which possesses the original program code. The user receives the challenge and the corresponding check sum, arrow 20, from an outside certification authority, e.g. from its safe Internet sites. The user 27 activates the check prompt of the device, arrow 21. The device asks the user for the challenge, which he/she inputs into the device, arrow 22. The device is, e.g. a mobile phone. The program code is read according to the algorithm 28, arrows 23 and 24, and the check sum is computed using an appropriate method. The program code is located in the program memory 29. The check sum may be computed, e.g. using a hash function. Hash functions are, e.g. MD5 and SHA-1. The check sum resulted from the application of algorithm 28 is returned to the user 27, who requested it, arrow 25. The user 27 reads the computed check sum, e.g. on the display of his/her mobile phone and compares it with the check sum given by the outside certification authority. If the check sums match, the program code of the device is valid.

Substantial in the way of realising the checkout is the fact that the challenge is not known beforehand. For this reason, the check sum corresponding to the challenge is impossible to anticipate. The challenge to be input has to be, in addition to that, long enough, in order to gain the wished reliability. Further, the check sum itself is not input into the program in which case the program cannot adapt itself to the circumstances, in accordance with the check sum. When generating the check sum, the whole program code to be checked is read using an algorithm. The challenge and the program code are combined in such a way that the program cannot compute the combination of the result of the checkout and the challenge corresponding to the original program code and consequently come to the right conclusion.

Fig. 3 represents a preferred example of generating the check sum as described in the invention. The user wishes to make sure of the originality of the software he/she is using as described in the invention. For the checkout, a random challenge 30 has been generated using which the checkout is carried out. In this example, the challenge 30 is a character string consisting of characters A, B, W, U, M and E. Each of the characters of the challenge 30 is located somewhere in the memory space 31. The location area is defined by the location algorithm 32. The location algorithm functions, e.g. in such a way that the character included in the challenge is added to a certain memory address of the memory area 31 or alternatively in such a way that a certain computation operation is carried out between the character and the content of a certain memory address the outcome of which is located in the memory address in question. Arrow 33 shows the proceeding of the check algorithm. When all the characters included in the challenge have been located in the memory space 31 as wished, a check sum is computed at the whole memory area using, e.g. a hash algorithm. As an example of a hash algorithm let it be mentioned the MD5 and SHA-1 algorithms.
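The check of Figs. 2 and 3, set against the direct checking of the background section in which a forged program prints the original check sum, is sketched below as an added example that is not part of the patent text. The XOR-based `locate` routine with its stride placement, the sample memory images and the `ForgedDevice` class are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample memory images (not real firmware).
ORIGINAL = b"PAY(account, amount); SIGN(message); SEND(message);" * 4
TAMPERED = ORIGINAL.replace(b"account", b"acc0unt")


def normalise(challenge: str) -> bytes:
    """Hash the raw challenge to a standard 160-bit format (SHA-1, as in the text)."""
    return hashlib.sha1(challenge.encode("utf-8")).digest()


def locate(memory: bytes, challenge: str) -> bytes:
    """Assumed location algorithm: XOR each challenge byte into a memory address."""
    token = normalise(challenge)
    if len(memory) < len(token):
        raise ValueError("memory space smaller than the normalised challenge")
    image = bytearray(memory)
    stride = len(image) // len(token)  # spread the bytes over the whole space
    for i, byte in enumerate(token):
        image[i * stride] ^= byte      # outcome is stored at the same address
    return bytes(image)


def check_sum(memory: bytes, challenge: str) -> str:
    """Check sum over the whole memory space after the challenge is located."""
    return hashlib.sha1(locate(memory, challenge)).hexdigest()


def issue_pair(reference: bytes) -> tuple:
    """Certification-authority side: a fresh random challenge and its check sum."""
    challenge = secrets.token_hex(8)
    return challenge, check_sum(reference, challenge)


class Device:
    """Device that really computes over its own memory."""

    def __init__(self, memory: bytes):
        self.memory = memory

    def direct_check(self) -> str:  # direct checking without a challenge
        return hashlib.sha1(self.memory).hexdigest()

    def challenge_check(self, challenge: str) -> str:
        return check_sum(self.memory, challenge)


class ForgedDevice(Device):
    """Hypothetical modified code that prints recorded answers when it has them."""

    def __init__(self, memory: bytes, recorded_direct: str, recorded_pairs: dict):
        super().__init__(memory)
        self.recorded_direct = recorded_direct
        self.recorded_pairs = recorded_pairs

    def direct_check(self) -> str:
        return self.recorded_direct

    def challenge_check(self, challenge: str) -> str:
        # An unseen challenge can only be answered from the modified memory.
        return self.recorded_pairs.get(challenge, check_sum(self.memory, challenge))


def verify(device: Device, challenge: str, expected: str) -> bool:
    """User side: compare the displayed response with the published one."""
    return secrets.compare_digest(device.challenge_check(challenge), expected)


if __name__ == "__main__":
    genuine = Device(ORIGINAL)
    old = {"ABWUME": check_sum(ORIGINAL, "ABWUME")}  # pair already disclosed
    forged = ForgedDevice(TAMPERED, genuine.direct_check(), old)
    fresh, expected = issue_pair(ORIGINAL)
    print("direct check accepts forged:", forged.direct_check() == genuine.direct_check())
    print("disclosed pair accepts forged:", verify(forged, "ABWUME", old["ABWUME"]))
    print("fresh challenge accepts forged:", verify(forged, fresh, expected))
    print("fresh challenge accepts genuine:", verify(genuine, fresh, expected))
```

The run shows why the text insists that the challenge is not known beforehand: a pair that has already been disclosed verifies nothing, while a fresh pair is answered correctly only by the unmodified memory image.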

The invention may not be restricted to the examples of its applications described above, instead, many variations are possible within the scope of the inventive idea defined in the claims.

CLAIMS

1. Method for authenticating a program code stored on a storage device, which method comprises the following phases:

- a first check sum is computed at the program code,

- the check sum is compared with a second check sum known as valid and

- in response to the aforementioned comparison the program code is proved to be valid, in case the first check sum matches with the second check sum,

characterised in that the method comprises the following phases:

- a challenge is added to the program code, which challenge is chosen from a group including the character string, program function and input, in order to form the combination of the program code and challenge,

- the aforementioned first check sum is computed at the aforementioned combination.

2. Method as described in claim 1, characterised in that the method comprises the following phases:

- the said program code and the said challenge are stored in the memory space and

- the first check sum is computed at the whole memory space, wherein the aforementioned program code and challenge are stored.

3. Method as described in claim 1 or 2, characterised in that the said challenge and the check sum corresponding to it are chosen from a random group consisting of a set of challenges and check sums corresponding to them.

4. Method as defined in claim 1 or 2, characterised in that the length of the said challenge is chosen in such a way that the freed memory cannot be used for storing the check sums corresponding to the challenges.

5. Method as defined in claim 1, characterised in that an authenticated program code is used for authenticating other program codes included in the same software or system in such a way that the check sum of an authenticated program code is compared with the one given by other program codes over the same challenge.

6. Method as defined in claim 1, characterised in that the method, in addition, prevents the connection of the said storage device with the outside world; and the validity of the program code is verified in the storage device.

7. Method as defined in claim 1, characterised in that the said challenge to be added to the said program code is modified by using a certain algorithm, in order to get a challenge of a standard format.

8. Device for authenticating the program code, which device comprises the following equipment:

- data-processing equipment (1),

- storage device (2), which is connected with the aforementioned data-processing equipment (1),

- means (12) for computing the check sum at the program code,

- display (4), which is connected to the aforementioned data-processing equipment and

- keyboard (5), which is connected to the aforementioned data-processing equipment,

characterised in that the equipment comprises:

- means (6) for adding the predetermined challenge, which is chosen from a group, which consists of a character string, program function and input, to the program code, as well as means for forming the combination of the program code and the challenge and

- means (7) for computing the first check sum at the aforementioned combination.

9. Device as defined in claim 8, characterised in that the device comprises:

- means (8) for storing the said program code and said challenge in the static memory space and

- means (9) for computing the check sum at the whole static memory space, wherein the said program code and said challenge are stored.

10. Device as defined in claim 8, characterised in that the device comprises means (3) for receiving the said challenge at the storage device via keyboard (5).